With the development of the Internet, most of the services in modern society can be carried out online. For example, civil affairs such as issuing a copy of resident registration can be handled online as well as financial transactions, and buying and selling goods.
Such services deal with information such as personal information or financial transaction information. Accordingly, in order to transmit and receive information under these services, techniques for enhancing security are essentially required.
As a well-known technique for enhancing security in information transmission/reception, there is a technique using RSA, which is a system for encrypting and decrypting data using asymmetric keys. In the RSA system, data is encrypted based on a public key and a private key and is transmitted over a communications network. However, the public key is disclosed and shared on the Internet. Accordingly, if a private key is found based on the public key, the encrypted data may be hacked. Although it is known that it is very difficult to find a private key based on a public key, it is not mathematically impossible. Therefore, it can be said that such an RSA system has a weakness in security.
In order to further enhance security, various security media such as an authentication certificate, an one time password (OTP), a security card, an I-PIN, etc. are utilized.
However, even if such security media including an OTP are utilized, it is not possible to ensure security when a user's terminal device or a server providing service to the user through the user's terminal device is infected with a malicious code. For example, when a user's terminal device accesses a phishing site, it is difficult for the user to recognize it even by utilizing both the RSA system and the OTP. Therefore, financial transaction accidents or personal information leakage may take place.